Ppt Deck Master

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed PPT-generation helper that uses local files and third-party image APIs in ways that match its stated purpose.

Install only if you are comfortable running the included Python script and sending slide prompts to Ofox or OpenRouter. Use a dedicated API key with spending limits, avoid putting secrets or sensitive client data in slide prompts, and review files before running overwrite/delete examples such as copying slides.json or removing a generated slide image.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 93% confidence
Finding: The skill instructs users to perform file reads/writes, run Python scripts, and call external APIs, yet no declared permissions are documented. This creates a transparency and least-privilege problem: an agent or user may enable broader capabilities than expected, including access to environment variables and network egress for API keys and generated content.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal